When You Should Disable Server Message Block v1

The recent ransomware attacks have had an inadvertent side effect at my home and office: they have pointed out to me how much I’m still dependent on Server Message Block v1 (SMB v1). Microsoft’s recommended workaround for the recent ransomware attacks, as noted in KB2696547, is to disable SMB v1 and to leave SMB v2 and SMB v3 alone unless you need to troubleshoot your security settings.

As noted in a September 2016 blog post, SMB v1 is a 30-year-old protocol that has seen better days. The recent ransomware attacks used this protocol to amplify their mayhem, and some security researchers are still unsure exactly how the initial infection took place. It’s unclear at this time whether this ransomware came through targeted email attacks (like many other ransomware attacks), or whether this was a unique attack that possibly infected a workstation, which then brought the attack into the impacted networks through some network access point previously used to bring in other worm-like attacks.

While it’s unclear how the initial infection started, it’s clear that once the infection got into the network, it relied on vulnerabilities in SMB v1 to run rampant through the network. This is why so many security sites recommended disabling SMB v1 as an old and out-of-date protocol.

As pointed out on the Vinransomware blog site, the best way for a consumer or home user to disable SMB v1 is through the graphical user interface.
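Whichever route you use to turn it off, it helps to know first what still depends on SMB v1. The following PowerShell is an added example, not taken from this article or from KB2696547; it assumes a Windows 10 machine and an elevated prompt, and the `-DisableIfClean` switch and the regular expression used to pull the client address out of the audit event text are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMB v1 use on this machine, then disable it only when
# nothing was seen using it. Run once to start auditing, then run again with
# -DisableIfClean after an observation window (days, not minutes).
param([switch]$DisableIfClean)

# 1. Current state of the SMB v1 server setting and the optional feature.
$server  = Get-SmbServerConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"SMB v1 server enabled : $($server.EnableSMB1Protocol)"
"SMB1Protocol feature  : $($feature.State)"

# 2. Outbound side: shares this machine is talking to over an SMB 1.x dialect
#    right now (old NAS boxes, printers and scanners are the usual suspects).
$legacyOut = Get-SmbConnection | Where-Object { $_.Dialect -like '1.*' }
$legacyOut | Select-Object ServerName, ShareName, Dialect | Format-Table

# 3. Inbound side: make the SMB server log every SMB v1 access attempt.
if (-not $server.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    "Auditing enabled; re-run later to see which clients still use SMB v1."
}

# 4. Collect the clients recorded so far (event ID 3000 in the SMBServer
#    audit log). The 'Client Address:' pattern is an assumption about the
#    message text; adjust it if your events are worded differently.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
} -ErrorAction SilentlyContinue
$clients = $events | ForEach-Object {
    if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] }
} | Sort-Object -Unique

# 5. Report what still depends on SMB v1, or disable it when nothing does.
if ($clients -or $legacyOut) {
    "Still using SMB v1, fix or replace these before disabling:"
    $clients
    $legacyOut.ServerName | Sort-Object -Unique
} elseif ($DisableIfClean) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
        Out-Null
    "SMB v1 disabled; restart to complete removal of the feature."
} else {
    "No SMB v1 use recorded so far. Re-run with -DisableIfClean to turn it off."
}
```

An empty audit log only means no SMB v1 client connected while auditing was on, so let the observation window cover devices that are used rarely, such as a scanner or a backup target.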
